[jira] [Commented] (KAFKA-4454) Authorizer should also include the Principal generated by the PrincipalBuilder.

Fri, 02 Dec 2016 15:26:04 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716846#comment-15716846
 ] 

ASF GitHub Bot commented on KAFKA-4454:
---------------------------------------

GitHub user MayureshGharat opened a pull request:

    https://github.com/apache/kafka/pull/2206

    KAFKA-4454 : Authorizer should also include the Principal generated by the 
PrincipalBuilder.

    Added support to include the Principal generated by the PrincipalBuilder in 
KafkaChannel

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/MayureshGharat/kafka KAFKA-4454

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/2206.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2206
    
----
commit a8dc3055115d3ddc8593d34c627a46ce31d1dd7f
Author: MayureshGharat <gharatmayures...@gmail.com>
Date:   2016-12-02T23:20:52Z

    Added support to include the Principal generated by the PrincipalBuilder in 
KafkaChannel

----


> Authorizer should also include the Principal generated by the 
> PrincipalBuilder.
> -------------------------------------------------------------------------------
>
>                 Key: KAFKA-4454
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4454
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.0.1
>            Reporter: Mayuresh Gharat
>            Assignee: Mayuresh Gharat
>             Fix For: 0.10.2.0
>
>
> Currently kafka allows users to plugin a custom PrincipalBuilder and a custom 
> Authorizer.
> The Authorizer.authorize() object takes in a Session object that wraps 
> KafkaPrincipal and InetAddress.
> The KafkaPrincipal currently has a PrincipalType and Principal name, which is 
> the name of Principal generated by the PrincipalBuilder. 
> This Principal, generated by the pluggedin PrincipalBuilder might have other 
> fields that might be required by the pluggedin Authorizer but currently we 
> loose this information since we only extract the name of Principal while 
> creating KaflkaPrincipal in SocketServer.  
> It would be great if KafkaPrincipal has an additional field 
> "channelPrincipal" which is used to store the Principal generated by the 
> plugged in PrincipalBuilder.
> The pluggedin Authorizer can then use this "channelPrincipal" to do 
> authorization.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to